Securing the Network
Security is a fundamental component of every network design. When planning, building, and operating a network, you should understand the importance of a strong security policy. How important is it to have a strong network security policy? The Computer Security Institute (CSI) produced a report from the “Computer Crime and Security Survey” that provided an updated look at the impact of computer crime in the United States. One of the major participants was the San Francisco Federal Bureau of Investigation (FBI) Computer Intrusion Squad. Based on responses from over 700 computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions, and universities, the survey confirms that the threat from computer crime and other information security breaches continues unabated and that the financial toll is mounting.
The application of an effective security policy is the most important step that an organization must take to protect itself. An effective security policy is the foundation for all of the activities undertaken to secure network resources.
Need for Network Security
In the past, hackers were highly skilled programmers who understood the intricacies of computer communications and how to exploit vulnerabilities. Today almost anyone can become a hacker by downloading tools from the Internet. These sophisticated attack tools and generally open networks have generated an increased need for network security and dynamic security policies.
The easiest way to protect a network from an outside attack is to close it off completely from the outside world. A closed network provides connectivity only to trusted known parties and sites; a closed network does not allow a connection to public networks.
Figure 1-16 shows an example of a closed network.
Because they have no Internet connectivity, networks designed in this way can be considered safe from Internet attacks. However, internal threats still exist. The CSI in San Francisco, California, estimates that 60 to 80 percent of network misuse comes from inside the enterprise where the misuse has taken place.
Today, corporate networks require access to the Internet and other public networks. Most of these networks have several access points to public and other private networks, as shown in Figure 1-17. Securing open networks is important.
Figure 1-16 Closed Network
As previously mentioned, one of the challenges to security is that hacking a network has become easier for those with little or no computer skills. Figure 1-18 illustrates how the increasing sophistication of hacking tools and the decreasing skill needed to use these tools have combined to pose increasing threats to open networks.
Figure 1-17 Open Network
Figure 1-18 Hacking Skills Matrix
With the development of large open networks, security threats have increased significantly in the past 20 years. Hackers have discovered more network vulnerabilities, and because you can now download applications that require little or no hacking knowledge to implement, applications intended for troubleshooting, maintaining, and optimizing networks can, in the wrong hands, be used maliciously and pose severe threats.
Balancing Network Security Requirements
The overall security challenge is to find a balance between two important needs: open networks to support evolving business requirements and freedom-of-information initiatives versus the protection of private, personal, and strategic business information. Figure 1-19 shows the relationship between expanding the business value and increasing security risks.
Security has moved to the forefront of network management and implementation. The survival of many businesses depends on allowing open access to network resources and ensuring that data and resources are as secure as possible. The escalating importance of e-business and the need for private data to traverse potentially unsafe public networks both increase the need for the development and implementation of a corporate-wide network security policy. Establishing a network security policy should be the first step in changing a network over to a secure infrastructure.
Figure 1-19 Security Challenge
The Internet has created expectations for a company to build stronger relationships with customers, suppliers, partners, and employees. E-business challenges companies to become more agile and competitive. The benefit of this challenge is that new applications for e-commerce, supply chain management, customer care, workforce optimization, and e-learning have been created. These applications streamline and improve processes, lowering costs while increasing turnaround times and user satisfaction.
As enterprise network managers open their networks to more users and applications, they also expose the networks to greater risks. The result has been an increase in business security requirements. Security must be included as a fundamental component of any e-business strategy.
E-business requires mission-critical networks that can accommodate ever-increasing constituencies and ever-increasing demands on capacity and performance. These networks also need to handle voice, video, and data traffic as networks converge into multiservice environments.
Adversaries, Hacker Motivations, and Classes of Attack
To defend against attacks on information and information systems, organizations must define the threat in these three terms:
- Adversaries: Potential adversaries might include nation-states, terrorists, criminals, hackers, disgruntled employees, and corporate competitors.
- Hacker motivations: Hackers’ motivations might include intelligence gathering, the theft of intellectual property, denial of service (DoS), the embarrassment of the company or clients, or the challenge of exploiting a notable target.
- Classes of attack: Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider.
Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur.
Classes of Attack
There are five classes of attack:
- Passive: Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user. Examples include the disclosure of personal information such as credit card numbers and medical files.
- Active: Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.
- Close-in: Close-in attacks consist of regular individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both.
- Insider: Insider attacks can be malicious or nonmalicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. Nonmalicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as performing a task.
- Distribution: Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.
Mitigating Common Threats
Improper and incomplete network device installation is an often-overlooked security threat that, if left unaddressed, can have dire results. Software-based security measures alone cannot prevent premeditated or even accidental network damage caused by poor installation. The following sections describe how to mitigate common security threats to Cisco routers and switches.
Hardware threats involve threats of physical damage to the router or switch hardware. Mission-critical Cisco network equipment should be located in wiring closets or in computer or telecommunications rooms that meet these minimum requirements:
- The room must be locked with only authorized personnel allowed access.
- The room should not be accessible via a dropped ceiling, raised floor, window, ductwork, or point of entry other than the secured access point.
- If possible, use electronic access control with all entry attempts logged by security systems and monitored by security personnel.
- If possible, security personnel should monitor activity via security cameras with
Environmental threats, such as temperature extremes (too hot or too cold) or humidity extremes (too wet or too dry), also require mitigation. Take these actions to limit environmental damage to Cisco network devices:
- Supply the room with dependable temperature and humidity control systems. Always verify the recommended environmental parameters of the Cisco network equipment with the supplied product documentation.
- Remove any sources of electrostatic and magnetic interference in the room.
- If possible, remotely monitor and alarm the environmental parameters of the room.
Electrical threats, such as voltage spikes, insufficient supply voltage (brownouts), unconditioned power (noise), and total power loss, can be limited by adhering to these guidelines:
- Install uninterruptible power supply (UPS) systems for mission-critical Cisco network devices.
- Install backup generator systems for mission-critical supplies.
- Plan for and initiate regular UPS or generator testing and maintenance procedures based on the manufacturer-suggested preventative maintenance schedule.
- Install redundant power supplies on critical devices.
- Monitor and alarm power-related parameters at the power supply and device levels.
Maintenance threats include poor handling of key electronic components, electrostatic discharge (ESD), lack of critical spares, poor cabling, poor labeling, and so on.
Maintenance-related threats are a broad category that includes many items. Follow the general rules listed here to prevent maintenance-related threats:
- Clearly label all equipment cabling and secure the cabling to equipment racks to prevent accidental damage, disconnection, or incorrect termination. Use cable runs, raceways, or both to traverse rack-to-ceiling or rack-to-rack connections.
- Always follow ESD procedures when replacing or working with internal router and switch device components.
- Maintain a stock of critical spares for emergency use.
- Do not leave a console connected to and logged into any console port. Always log off administrative interfaces when leaving a station.
- Do not rely upon a locked room as the only necessary protection for a device. Always remember that no room is ever totally secure. After intruders are inside a secure room, nothing is left to stop them from connecting a terminal to the console port of a Cisco router or switch.
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. Reconnaissance is also known as information gathering and, in most cases, precedes an actual access or DoS attack. First, the malicious intruder typically conducts a ping sweep of the target network to determine which IP addresses are alive. Then the intruder determines which services or ports are active on the live IP addresses. From this information, the intruder queries the ports to determine the type and version of the application and operating system running on the target host.
Reconnaissance is somewhat analogous to a thief investigating a neighborhood for vulnerable homes, such as an unoccupied residence or a house with an easy-to-open door or window. In many cases, intruders look for vulnerable services that they can exploit later, when there is less likelihood that anyone is watching.
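The two-stage reconnaissance pattern described above (a ping sweep to find live hosts, followed by probing of ports on a live host) is something a defender can look for in flow records. The following is an added example, not part of the original text; the flow records, the detection thresholds and the field layout are constructed for illustration.

```python
"""Detect the ping-sweep-then-port-probe pattern in constructed flow records.
Added example; the record format and thresholds are assumptions, not from the text."""
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, protocol, dst_port); port is 0 for ICMP.
# 203.0.113.7 (documentation range) sweeps 10.0.0.1-8, then probes seven ports on 10.0.0.5.
FLOWS = [("203.0.113.7", f"10.0.0.{i}", "icmp-echo", 0) for i in range(1, 9)]
FLOWS += [("203.0.113.7", "10.0.0.5", "tcp", p) for p in (21, 22, 23, 25, 80, 443, 3389)]
# Benign traffic: a workstation talking to one service and pinging its gateway.
FLOWS += [("10.0.0.20", "10.0.0.5", "tcp", 443)] * 3
FLOWS += [("10.0.0.20", "10.0.0.1", "icmp-echo", 0)]


def detect_ping_sweep(flows, min_hosts=5):
    """Return {src: sorted distinct targets} for sources that echo-request >= min_hosts hosts."""
    targets = defaultdict(set)
    for src, dst, proto, _port in flows:
        if proto == "icmp-echo":
            targets[src].add(dst)
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= min_hosts}


def detect_port_scan(flows, min_ports=5):
    """Return {(src, dst): sorted ports} where one source touched >= min_ports distinct TCP ports on one host."""
    ports = defaultdict(set)
    for src, dst, proto, port in flows:
        if proto == "tcp":
            ports[(src, dst)].add(port)
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def recon_sources(flows):
    """Sources that swept a range and then probed a host found in that sweep: the sequence the text describes."""
    sweeps = detect_ping_sweep(flows)
    scans = detect_port_scan(flows)
    return sorted({src for (src, dst) in scans if src in sweeps and dst in sweeps[src]})
```

The benign workstation falls below both thresholds, so only the sweeping source is reported; in practice the thresholds would be tuned to the site's normal traffic.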
Access attacks exploit known vulnerabilities in authentication services, FTP services, and web services to gain entry to web accounts, confidential databases, and other sensitive information.
A password attack usually refers to repeated attempts to identify a user account, password, or both. These repeated attempts are called brute-force attacks. Password attacks are implemented using other methods, too, including Trojan horse programs, IP spoofing, and packet sniffers.
A security risk arises when passwords are stored as plaintext. You need to encrypt passwords to overcome this risk. On most systems, passwords are processed through an encryption algorithm that generates a one-way hash of the password. You cannot reverse a one-way hash back to its original text. Most systems do not decrypt the stored password during authentication; they store only the one-way hash. During the login process, you supply an account and password, and the password encryption algorithm generates a one-way hash from the supplied password. The algorithm compares this hash to the hash stored on the system. If the hashes are the same, the algorithm assumes that the user supplied the proper password.
Remember that passing the password through an algorithm results in a password hash. The hash is not the encrypted password, but rather a result of the algorithm. The strength of the hash is that the hash value can be recreated only with the original user and password information and that retrieving the original information from the hash is impossible. This strength makes hashes perfect for encoding passwords for storage. In granting authorization, the hashes, rather than the plain password, are calculated and compared.
Password attack threat-mitigation methods include these guidelines:
- Do not allow users to have the same password on multiple systems. Most users have the same password for each system they access, as well as for their personal systems.
- Disable accounts after a specific number of unsuccessful logins. This practice helps to prevent continuous password attempts.
- Do not use plaintext passwords. Use either a one-time password (OTP) or an encrypted password.
- Use strong passwords. Strong passwords are at least eight characters long and contain uppercase letters, lowercase letters, numbers, and special characters. Many systems now provide strong password support and can restrict users to strong passwords only.
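The hash-and-compare login process described earlier, together with the lockout and strong-password guidelines just listed, as an added example that is not part of the original text; the credential store, the PBKDF2 parameters and the failure threshold are assumptions made here, not a description of any particular system.

```python
"""Hashed-password storage, login by hash comparison, lockout after repeated
failures and the strength rule from the guidelines. Added example; the store
layout, work factor and threshold are assumptions, not from the original text."""
import hashlib
import hmac
import os
import string

MAX_FAILURES = 3             # assumed: disable the account after this many bad logins
PBKDF2_ITERATIONS = 200_000  # assumed work factor for the one-way hash


def hash_password(password, salt=None):
    """One-way hash: random per-account salt plus PBKDF2-HMAC-SHA256 of the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def is_strong(password):
    """At least eight characters containing upper, lower, digit and special characters."""
    classes = (string.ascii_uppercase, string.ascii_lowercase, string.digits, string.punctuation)
    return len(password) >= 8 and all(any(c in cls for c in password) for cls in classes)


class CredentialStore:
    """Keeps only salt and hash per account; the plaintext password is never stored."""

    def __init__(self):
        self.accounts = {}  # user -> {"salt", "hash", "failures", "disabled"}

    def add_user(self, user, password):
        if not is_strong(password):
            raise ValueError("password does not meet the strength policy")
        salt, digest = hash_password(password)
        self.accounts[user] = {"salt": salt, "hash": digest, "failures": 0, "disabled": False}

    def login(self, user, password):
        """Re-hash the supplied password with the stored salt and compare in constant time."""
        acct = self.accounts.get(user)
        if acct is None or acct["disabled"]:
            return False
        _salt, digest = hash_password(password, acct["salt"])
        if hmac.compare_digest(digest, acct["hash"]):
            acct["failures"] = 0
            return True
        acct["failures"] += 1
        if acct["failures"] >= MAX_FAILURES:
            acct["disabled"] = True  # stops continuous password attempts
        return False
```

Once the account is disabled, even the correct password is rejected until an administrator re-enables it, which is the point of the lockout guideline.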